From owner-freebsd-security  Tue Oct 30  9: 8:45 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4])
	by hub.freebsd.org (Postfix) with ESMTP id D9E7A37B405
	for <freebsd-security@freebsd.org>; Tue, 30 Oct 2001 09:08:35 -0800 (PST)
Received: from simoeon.sentex.net (pyroxene.sentex.ca [199.212.134.18])
	by smtp1.sentex.ca (8.11.6/8.11.6) with ESMTP id f9UH8V471353;
	Tue, 30 Oct 2001 12:08:31 -0500 (EST)
	(envelope-from mike@sentex.net)
Message-Id: <5.1.0.14.0.20011030115848.0350bec0@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 30 Oct 2001 12:02:22 -0500
To: Hajimu UMEMOTO <ume@mahoroba.org>
From: Mike Tancsa <mike@sentex.net>
Subject: Re: probable virus
Cc: freebsd-security@freebsd.org
In-Reply-To: <20011031.020107.74732121.ume@mahoroba.org>
References: <5.1.0.14.0.20011030115023.03544ec0@marble.sentex.ca>
 <20011030165053.8CFBA37B405@hub.freebsd.org>
 <5.1.0.14.0.20011030115023.03544ec0@marble.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Thanks!   I had a look at NAI's site and it seems they know about it and 
its in their daily dat file updates.  Has anyone used this in conjunction 
with the FreeBSD scanner ? We have been using the weekly updates only in 
the past. Apart from the UPPERCASE only names inside the .zip file, at
http://download.nai.com/products/mcafee-avert/daily_dats/DAILYDAT.ZIP


         ---Mike

At 02:01 AM 10/31/01 +0900, Hajimu UMEMOTO wrote:
> >>>>> On Tue, 30 Oct 2001 11:51:34 -0500
> >>>>> Mike Tancsa <mike@sentex.net> said:
>
>
>mike> This looks virusish... Anyone know which one it is ?  The current 
>nai dat
>mike> file does not seem to catch it.
>
>Sophos caught it.
>Here is the output of the scanner:
>
> >>> Virus 'W32/Klez' found in file 
> /var/log/amavis/amavis-12567923/parts/msg-16493-2.exe
>
>--
>Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
>ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
>http://www.imasy.org/~ume/
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message